package com.caiyi.financial.nirvana.sms.shiro;

import com.caiyi.financial.nirvana.sms.service.SmsPermissionService;
import com.caiyi.financial.nirvana.sms.service.SmsRoleService;
import com.caiyi.financial.nirvana.sms.util.Constant;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * 默认开放全部接口
 * 需要权限控制的接口再加入filter
 */
@Configuration
public class ShiroConfiguration {

    @Autowired
    private SmsPermissionService permissionService;

    @Autowired
    private SmsRoleService roleService;

    @Value("${spring.profiles.active}")
    private String env;

    @Bean
    public ShiroFilterFactoryBean shirFilter(DefaultWebSecurityManager securityManager) {
        SmsShiroFilterFactoryBean shirFilterFactoryBean = new SmsShiroFilterFactoryBean(permissionService, roleService);
        shirFilterFactoryBean.setSecurityManager(securityManager);
        /*校验返回JSON*/
        String urlPrefix = env.equals(Constant.ENV_PRO) ? "http://admin.huaruilie.com" : "";
        shirFilterFactoryBean.setLoginUrl(urlPrefix + "/sms/shiro/unauthenticated");//未登录
        shirFilterFactoryBean.setUnauthorizedUrl(urlPrefix + "/sms/shiro/unauthorized");//无权限
        return shirFilterFactoryBean;
    }

    @Bean
    public DefaultWebSecurityManager securityManager(AuthorizingRealm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }
}



